- AppSec News
- DEFCON 18 Social-Engineer CTF Contest Findings Report Summary – social-engineer.org
One of the most alarming findings was that it doesn’t take a seasoned expert in social engineering to successfully penetrate a company.
- All about Cyber-RAID
- Blackhat USA 2010 and Defcon 18 Audio/Video – mcgrewsecurity.com
Darkoz’s archive of hacker conference media has added audio and video of the recent Blackhat USA 2010 and Defcon 18 conferences.
- DRG SSH Username and Password Authentication Tag Clouds – dragonresearchgroup.org
Most popular usernames and passwords.
- Mind your passwords, make them different – crackpassword.com
It is very likely that some Web-services do as described, either sell such info to third parties or use it for evil purposes.
- Join The Community – Cleveland Security Groups – securestate.blogspot.com
One thing you cannot debate is Cleveland has a very strong security community.
- SET v0.7 “Swagger Wagon” Released with Updated Tutorials! – secmaniac.com
I’m proud to release the latest version of SET v0.7, this release has two new attack vectors (multi attack and web jacking), three new Teensy HID payloads and a number of bug fixes and additions.
- RunInsideLimitedJob – didierstevens.com
Here’s another tool to mitigate exploitation of vulnerable (office) applications.
- sessionthief – HTTP Session Cloning & Cookie Stealing Tool – darknet.org.uk
sessionthief performs HTTP session cloning by cookie stealing. It can issue basic nmap and nbtscan commands to see which IPs are on the subnet, or just listen for IPs broadcasting packets.
- Web Penetration Testing Scripts – Part 2 – pauldotcom.com
p0wnpr0xy.py is a simply python script that acts as a http/https proxy and launches commands such as sqlmap against targets that are in-scope.
- Blind Cat is Updated to 0.0.1.1. No More Problems With SSL Certificates! – itsecuritylab.eu
Recently I made some updates to the tool as during the last tests it happened that there were some issues when connecting to the target website over SSL.
- PsExec and the Nasty Things It Can Do – windowsecurity.com
In this article I’m going to give an overview of what PsExec is and what its capabilities are from an administrative standpoint.
- Releasing New Tool IMPasswordDecryptor on PasswordAnalytics.com – securityxploded.com
Now with the launch of PasswordAnalytics, our much awaited password recovery tool, IMPasswordDecryptor is out now.
- Launched Our New Portal, PasswordAnalytics.com – securityxploded.com
Finally it is worth the wait and it has come up better than any of our previous analytic sites at the first release itself.
- OpenFISMA 2.9 Released – openfisma.org
Release 2.9 does not include any major new features, but it does include several small feature enhancements and under-the-hood improvements, as well as a slew of bug fixes.
- Wi-fEye – wi-feye.za1d.com
Wi-fEye is designed to help with network penetration testing, Wi-fEye will allow you to perform a nubmer of powerful attacks.
- WSFuzzer – owasp.org
This tool was created based on, and to automate, some real-world manual SOAP pen testing work.
- RIPS 0.34 – sourceforge.net/projects/rips-scanner/
RIPS is a static source code analyser for vulnerabilities in PHP webapplications. It was released during the Month of PHP Security (www.php-security.org).
- FiddlerCore v18.104.22.168 – fiddler2.com
FiddlerCore allows you to integrate HTTP/HTTPS traffic viewing and modification capabilities into your .NET application, without any of the Fiddler UI.
- Open Source Tripwire 2.4.2 released! – sourceforge.net/apps/wordpress/tripwire/
It contains a couple of bug fixes and gave me the opportunity to get familiar with the software once more.
- Danger of JSP Includes and Parameter Passing – michael-coates.blogspot.com
The current “fail-over” type behavior of reqeust.getParameter is not expected and can result in dangerous XSS vulnerabilities as indicated above.
- More WPA2 Hole 196 Reflections and TCP/IP Stack (Mis)Behaviors – taddong.com
Hole 196 exploits this principle attacking the GTK, the Group Temporal Key shared by all Wi-Fi clients to exchange broadcast and multicast traffic.
- Memory Forensics For Pentesters: Part 1 – room362.com
This is part one in a series of presentations I will be giving at the NoVAHackers meetings on forensics of all kinds as it can be leveraged in a penetration test.
- Digging deeper into Stuxnet
But new information about the worm shows that it leverages at least three other previously unknown security holes in Windows PCs, including a vulnerability that Redmond fixed in a software patch released today.
- ‘Stuxnet’ Worm Far More Sophisticated Than Previously Thought – krebsonsecurity.com
- Stuxnet – Fingerprinting A Specific Target – digitalbond.com
- Windows HOSTS File Script To Block Bad Domains – sans.org
A well-known trick to block the domain names used by malware, spyware and advertising sites is to add these names to one’s HOSTS file using an invalid IP address such as “0.0.0.0″.
- Automated Padding Oracle Attacks with PadBuster – gdssecurity.com
By default PadBuster assumes that the sample is Base64 encoded, however in this example the encrypted text is encoded as an uppercase ASCII HEX string.
- One Vector To Rule Them All – thespanner.co.uk
I had to use multiple evals as the contexts increased because for stuff like background= etc there was no way I could figure reusing the existing one.
- Evil Wifi – Captive Portal Edition – h-i-r.net
Originally, my Evil Wifi setup was a stand-alone rig with a laptop and a wireless router.
- From 0x90 to 0x4c454554, a journey into exploitation – myne-us.blogspot.com
In the last few weeks I have been diving deeper down the rabbit hole of exploitation work and with a bit of work and time to prepare myself for the long run I compiled a set of areas to study in a course type layout.
- Musings on Metasploit – technicalinfodotnet.blogspot.com
It’s always fun to watch HD Moore as he covers the latest roadmap for Metasploit – explaining the progress of various evasion techniques as they’re integrated in to the tool and deriding the progress of various “protection” technologies.
- ‘Padding Oracle’ Crypto Attack Affects Millions of ASP.NET Apps – threatpost.com
The problem lies in the way that ASP.NET, Microsoft’s popular Web framework, implements the AES encryption algorithm to protect the integrity of the cookies these applications generate to store information during user sessions.
- Another Flash Player security vuln spotted
A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android.
- Security Advisory for Adobe Flash Plater (APSA10-03) – adobe.com
- Schedule Update to Security Advisory for Adobe Reader and Acrobat (APSA10-02) – adobe.com
Adobe Warns of Attacks on New Flash Flaw – krebsonsecurity.com
- Yet Another Adobe Flash Unpatched Vulnerability Actively Exploited in the Wild – hackademix.net
- Adobe Flash v10.1.82.76 and earlier vulnerability in-the-wild – sans.edu
- Directory Traversal in Axigen v7.4.1 running on Windows – acunetix.com
Axigen Webmail version 7.4.1 is vulnerable to a directory traversal vulnerability. Only Axigen installations running on Windows platforms are affected.
- Hole in Linux kernel provides root rights – h-online.com
A vulnerability in the 32-bit compatibility mode of the current Linux kernel (and previous versions) for 64-bit systems can be exploited to escalate privileges.
- Microsoft helps Adobe block PDF zero-day exploit – computerworld.com
Urges Windows users to deploy EMET 2.0 to stop attacks on Reader.
- Redmond sends some security updates
Four have a maximum severity rating of Critical with the other five having a maximum severity rating of Important. Furthermore, six of the nine bulletins either do not affect the latest version of our products or affect them with reduced severity.
- September 2010 Security Bulletin Release – technet.com
- Assessing the risk of the September security updates – technet.com
- Security Advisory 2416728 Released – technet.com
- Microsoft Security Bulletin MS10-061 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-062 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-064 – Critical – microsoft.com
- Microsoft Security Bulletin MS10-065 – Important – microsoft.com
- Microsoft Security Bulletin MS10-066 – Important – microsoft.com
- Microsoft Security Bulletin MS10-067 – Important – microsoft.com
- Microsoft Security Bulletin MS10-068 – Important – microsoft.com
- Microsoft Security Bulletin MS10-069 – Important – microsoft.com
- MS10-061: Printer Spooler Vulnerability – technet.com
- MS10-065: Exploitability of the IIS FastCGI request header vulnerability – technet.com
- Understanding the ASP.NET Vulnerability – technet.com
- Security update for Samba 3.5 – Update – h-online.com
The Samba developers have released version 3.5.5 of Samba, a security update that addresses a buffer overrun vulnerability in their open source file and print server software.
- Firefox 3.6 Released – mozilla.com
Fixed a single stability issue affecting a limited number of users.
- HP buys ArcSight
Hewlett-Packard will soon purchase security vendor ArcSight for $1.5 billion, the Wall Street Journal reported Sunday.
- No certificate for you! Verisign revokes cert from malware fiends – sophos.com
Similar to the Stuxnet situation, Verisign has revoked the signing certificate used to sign the payload associated with this attack.
- FireStarter: Automating Secure Software Development – securosis.com
So let’s take security out of the application developers’ hands entirely and build it in with compilers and pre-compilers that take care of bad code automatically. That way they can continue to be ignorant, and we’ll fix it for them!
- Web sites distribute malware via hacked OpenX servers – h-online.com
The vulnerability in the free OpenX ad server made public on Monday is already being actively exploited to distribute malware.
- Alleged HDCP Encryption Crack Is No Pirate Bonanza – wired.com
Hollywood studios and the maker and licensing authority of the High-Bandwidth Digital Content Protection standard were scrambling Wednesday to determine whether a so-called “master key” to the anti-piracy encryption technology has leaked onto the internet.
- Security researchers ‘destroy’ Microsoft ASP.NET security – theinquirer.net
The exploit, to be shown off at the Ekoparty Conference later this week, could affect millions of websites that use AES encryption functions built into Microsoft’s ASP.NET software to protect the integrity of cookies during user sessions.